Storage devices are utilized in a variety of environments. Typically they are used to store data for use on a host system. FIG. 1 shows a Flash storage device 10 with an encryption engine 12. This encryption engine 12 can be implemented in either hardware or software. The device 10 contains host interface logic 14 to interface to a host device. A small, low performance onboard processor 16 is used for overall device control. The device 10 also includes onboard RAM 18 and ROM 20 for device controller firmware operation, Flash memory 22 for data storage, and Flash memory interface logic 24.
Current technology requires some portion of the security, management and monitoring software to be executed on the host system. This software can be easily compromised when operating in an uncontrolled, non-protected environment.
FIG. 2 shows a Flash storage device 100 that contains some components similar to the device of FIG. 1. However, this device has additional application RAM 102 and a high performance processor 104. This high performance processor 104 and application RAM 102 provide a secure area with enough performance for execution of a plurality of security, access management and monitoring (SAMM) applications within the USB storage device.
The USB storage device 10 depicted in FIG. 1 provides encryption to safeguard the data contained on the device, should the device be lost or stolen. This architecture assumes that the intended user and the connected host system are fully trusted. File activities outside the enterprise cannot be controlled or monitored for this device, since software to control or monitor such activities would have to operate on the host system and is therefore vulnerable to compromise. This also makes the storage device vulnerable to viruses, spyware and malware, since software to guard against such attacks could likewise be deactivated or compromised when operating on an uncontrolled host system.
The USB storage device 100 in FIG. 2 addresses these issues by providing a secure place for utilizing certain applications, such as the plurality of SAMM applications. However, the added cost of incorporating a high performance processor 104 with additional RAM 102 that has enough processing performance to operate these SAMM applications can be significant. This cost increase would be applied to every USB storage device 100 purchased by an organization that has a need for this level of security and control of data stored on USB storage devices.
In a corporation, enterprise or organization, the computers and/or host systems are made secure by granting only limited access to the users. Such an environment would not require the use of the storage device 100 detailed in FIG. 2, since the plurality of SAMM applications can operate securely from these host systems with significantly reduced risk of being compromised. The extra processing power and dedicated application RAM 102 located on the USB storage device 100 of FIG. 2 are only required when the device is connected to a host system outside the control of the organization. Typically only a small percentage of users will need to use the storage device outside of the enterprise. Hence it would be cost prohibitive to require that all the storage devices have this security capability.
Accordingly, what is needed is a system and method that addresses the above-identified issues. The present invention addresses such a need.